27 matches found
Wireshark 4.6.x < 4.6.5 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.6.5 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003374)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003374 advisory. Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from...
CVE-2025-67526
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion. This issue affects Sailing: from n/a through 4.4.6...
CVE-2025-54969
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...
EUVD-2025-36121
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...
CVE-2024-7104
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2...
CVE-2023-37233
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks...
CVE-2023-4270
The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2023-24577 · Unknown · Ciprian Popescu Youtube Playlist Player
Name of the Vulnerable Software and Affected Versions: Ciprian Popescu YouTube Playlist Player plugin versions prior to 4.6.5. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended...
SUSE CVE-2016-10366
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack...
CVE-2020-35168
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability...
CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal to upload files...
DEBIAN-CVE-2021-3593
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or...
UBUNTU-CVE-2021-3595
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or...
VulnCheck KEV: CVE-2021-24370
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution...
Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. A SOAP API authorization bypass vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from insufficient authorization of the SOAP API. An attack...
CVE-2020-12705
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0...
Zoom IT installer unauthorized operation vulnerability
Zoom IT is a screen zoom and annotation tool for technical presentations from Zoom USA. A security vulnerability exists in versions of Zoom IT installer (ZoomInstallerFull.msi) prior to 4.6.10 for Windows-based platforms. An attacker can exploit the vulnerability to delete restricted files...
grafana: authentication bypass knowing only a username of an LDAP or OAuth user
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...